Learn about the high-severity vulnerability in OpenZeppelin Contracts affecting GovernorVotesQuorumFraction. Find out the impact, technical details, and mitigation steps for CVE-2022-31198.
OpenZeppelin Contracts is a library for secure smart contract development. The vulnerability in this CVE affects instances of Governor using the module GovernorVotesQuorumFraction, impacting quorum requirements. Learn more about the impact, technical details, and mitigation methods below.
Understanding CVE-2022-31198
This section delves into the details of the vulnerability affecting OpenZeppelin Contracts.
What is CVE-2022-31198?
The vulnerability involves instances of Governor that use GovernorVotesQuorumFraction, potentially allowing past defeated proposals to become executable under specific conditions.
The Impact of CVE-2022-31198
The vulnerability is rated high severity, with a base score of 7.5. Its impact is on integrity: lowering the quorum requirement can cause a proposal that was previously defeated to be re-evaluated as executable.
Technical Details of CVE-2022-31198
Explore the specific technical aspects of the vulnerability in this section.
Vulnerability Description
Instances of Governor using GovernorVotesQuorumFraction may allow past defeated proposals to become executable.
Affected Systems and Versions
The vulnerability impacts OpenZeppelin Contracts versions between 4.3.0 and 4.7.1.
Exploitation Mechanism
Exploitation depends on the quorum requirement being lowered: a proposal that was previously defeated for not reaching quorum can then be re-evaluated against the lower threshold and become executable.
Mitigation and Prevention
Discover the steps to mitigate the impact of CVE-2022-31198 and prevent exploitation.
Immediate Steps to Take
Users are strongly advised to upgrade to OpenZeppelin Contracts version 4.7.2 to patch the vulnerability.
Long-Term Security Practices
Avoid lowering quorum requirements on an unpatched Governor if past proposals were rejected due to lack of quorum.
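To make the failure mode behind the exploitation mechanism and the quorum-lowering advice above concrete, here is an added Python model of a fraction-based quorum governor; it is constructed for this page and is not OpenZeppelin's code. The supply figure, vote counts and quorum percentages are made up, and the checkpointed flag switches between the pre-fix behaviour (quorum computed from the numerator currently in force) and a fix that uses the numerator in force at the proposal's snapshot block.

```python
from dataclasses import dataclass

@dataclass
class Proposal:
    snapshot: int        # block whose token supply and voting power are used
    for_votes: int
    against_votes: int
    abstain_votes: int

class FractionalQuorumGovernor:
    """Quorum = token supply at the proposal snapshot * numerator / 100.
    checkpointed=False: quorum check reads the numerator currently in force (pre-fix).
    checkpointed=True: numerator changes are recorded per block and the value in
    force at the snapshot block is used (the fix)."""

    def __init__(self, supply_by_block, numerator, checkpointed):
        self.supply_by_block = supply_by_block      # constructed sample data
        self.numerator_history = [(0, numerator)]   # (block, numerator) pairs
        self.checkpointed = checkpointed

    def update_quorum_numerator(self, block, new_numerator):
        self.numerator_history.append((block, new_numerator))

    def quorum_numerator(self, block):
        if not self.checkpointed:
            return self.numerator_history[-1][1]    # latest value, block ignored
        for checkpoint_block, numerator in reversed(self.numerator_history):
            if checkpoint_block <= block:           # last change at or before block
                return numerator
        return 0

    def quorum(self, block):
        return self.supply_by_block[block] * self.quorum_numerator(block) // 100

    def quorum_reached(self, p):
        return self.quorum(p.snapshot) <= p.for_votes + p.abstain_votes

    def state(self, p):
        # Voting period assumed over; only a Succeeded proposal can be executed.
        if self.quorum_reached(p) and p.for_votes > p.against_votes:
            return "Succeeded"
        return "Defeated"

def lowered_quorum_scenario(checkpointed):
    """Proposal misses a 40% quorum; the DAO later lowers the fraction to 20%."""
    gov = FractionalQuorumGovernor({100: 1_000_000}, 40, checkpointed)
    p = Proposal(snapshot=100, for_votes=300_000, against_votes=50_000, abstain_votes=0)
    before = gov.state(p)                           # "Defeated": 300k votes < 400k quorum
    gov.update_quorum_numerator(block=200, new_numerator=20)
    return before, gov.state(p)   # pre-fix ("Defeated", "Succeeded"); fixed ("Defeated", "Defeated")
```

Running lowered_quorum_scenario with both flag values shows the same proposal flipping to executable only in the pre-fix variant, which is why lowering the quorum on an unpatched Governor is risky.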
Patching and Updates
Regularly apply security patches and updates to ensure the protection of smart contracts.